<?php

namespace App\Http\Middleware;

use Closure;

class CorsMiddleware
{
    public function handle($request, Closure $next)
    {
        $origin = $request->headers->get('origin');
        $origins = explode(',', config('app.allows'));

        if (in_array($origin, $origins)) {
            return $next($request)
                ->header('Access-Control-Allow-Origin', $origin)
                ->header('Access-Control-Allow-Methods', 'POST, GET, OPTIONS, PUT, DELETE')
                ->header('Access-Control-Allow-Headers', 'Content-Type, X-Auth-Token, Origin')
                ->header('Access-Control-Allow-Credentials', 'true');
        } else {
            return $next($request);
        }
    }
}
